Home > Uncategorized > Security News #0x71

Security News #0x71

  • There is a new privilege escalation exploit for Windows that impacts 32 bit versions of Windows 7 (SP0/SP1) available in Metasploit. The exploit is called Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei). It exploits CVE 2013-1300 and was patched in MS13-053. I tried using a meterpreter shell spawned from MS13_055_CAnchor, and despite being a relatively unprivileged shell (as it came from Internet Explorer) it worked quite simply- though my practice target did not have SP1 installed.
  • Another recent fun Metasploit module targets Adobe Flash; it is called Adobe Flash Player Integer Underflow Remote Code Execution. One neat feature of this is that it works happily on Windows 8- a target notoriously short of reliable exploits. As an added bonus, remember that Adobe Flash is built-in to Windows 8. An unpatched Windows 8 comes with, which is one of the versions vulnerable to this exploit. On the other hand, the exploit does not impact Adobe Flash through Firefox, as it does not use ActiveX. The underlying problem is CVE 2014-0497.
  • And if we are going to talk about Metasploit modules that affect Windows 8, let’s not forget the even more recent Adobe Flash Player Shader Buffer Overflow which exploits CVE 2014-0515. Again, because Windows 8 comes with Adobe Flash pre-installed, this worked quite happily on my (unpatched) Windows 8 target.
Learning More
  • Denis Sinegubko at the Sucuri Blog has a nice example of a Joomla Plugin backdoor
  • If you want to understand the differences between the existing OpenSSL libraries and the recently forked LibreSSL library, you may want to take a look at the take over at Insane Coding.
  • Rohan Vazarkar (@CptJesus) has updated his Python memory scanner that looks for Meterpreter in memory.
  • If you want to learn more about how Python works, take a look at the Diary of a reverse engineer. This is a nice piece that breaks Python code down into is assembly language, and then shows how to exploit a Python bug to get code execution.
Industry News
  • It also looks like folks can attack traffic control systems, apparently because some traffic sensors use a vulnerable proprietary communication protocol. Take a look at the original piece at Wired and a follow up at Ars Technica.
Categories: Uncategorized
  1. No comments yet.
  1. June 8, 2014 at 10:33 pm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: